Palo Alto Networks Warns of PAN-OS Remote Code Execution Vulnerability

Cybersecurity firm Palo Alto Networks has warned customers about a potential remote code execution vulnerability in its next-generation firewalls. The company advises restricting access to the management interface and configuring it according to the recommended best practice deployment guidelines.

Palo Alto Networks is investigating signs of active exploitation, but customers should take steps now to secure their systems. The company suggests blocking access to the management interface from the internet and allowing connections only from trusted internal IP addresses.
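
One way to audit a management-interface allowlist against this advice, as an added example that is not from Palo Alto Networks or the source article. It assumes the permitted source addresses are available as plain CIDR strings; the internal ranges, the breadth thresholds and the sample entries are illustrative choices.

```python
import ipaddress

# Assumption: "trusted internal" means RFC 1918 (IPv4) or ULA (IPv6) space.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Assumption: prefixes shorter than these are too broad for an admin allowlist.
MIN_PREFIX = {4: 16, 6: 48}


def audit_entry(entry):
    """Return a finding for one allowlist entry, or None if it is acceptable."""
    try:
        # strict=False lets a bare host address parse as a /32 or /128.
        net = ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError:
        return "unparsable entry"
    if net.prefixlen == 0:
        return "matches any source, including the internet"
    if not any(net.version == r.version and net.subnet_of(r) for r in INTERNAL):
        return "not inside an internal (RFC 1918 / ULA) range"
    if net.prefixlen < MIN_PREFIX[net.version]:
        return "internal but very broad; narrow to the admin subnet or jump hosts"
    return None


def audit_allowlist(entries):
    """Map each problematic entry to the reason it was flagged."""
    findings = {}
    for entry in entries:
        reason = audit_entry(entry)
        if reason:
            findings[entry] = reason
    return findings


# Constructed sample allowlist (203.0.113.0/24 is a documentation range
# standing in for a public network).
SAMPLE = ["10.20.30.0/24", "192.168.5.10", "0.0.0.0/0",
          "203.0.113.0/24", "10.0.0.0/8", "mgmt-vlan"]

if __name__ == "__main__":
    for entry, reason in audit_allowlist(SAMPLE).items():
        print(f"{entry:>16}  {reason}")
```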

A critical missing authentication vulnerability (CVE-2024-5910) was patched in July, but threat actors can still exploit it to reset admin credentials on Internet-exposed servers. This vulnerability is tracked as a high-risk attack vector by the US cybersecurity agency CISA.

To mitigate this risk, federal agencies have been ordered to secure their systems against attacks within three weeks. Palo Alto Networks has also warned of another vulnerability (CVE-2024-9464), which can be chained with other security flaws to gain unauthenticated arbitrary command execution on vulnerable servers.

Source: https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-potential-pan-os-rce-vulnerability